ID

VAR-201505-0134


CVE

CVE-2015-0716


TITLE

Cross-site request forgery vulnerability in the CUCReports page of Cisco Unity Connection

Trust: 0.8

sources: JVNDB: JVNDB-2015-002542

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659. The vendor has confirmed this vulnerability and released it as Bug ID CSCut33659. A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCut33659. Cisco Unity Connection (UC) is a voice messaging platform from Cisco. The platform can use voice commands to make calls or listen to messages "hands-free".

Trust: 1.98

sources: NVD: CVE-2015-0716 // JVNDB: JVNDB-2015-002542 // BID: 74471 // VULHUB: VHN-78662

AFFECTED PRODUCTS

vendor: cisco // model: unity connection // scope: eq // version: 11.0\(0.98000.225\)

Trust: 1.6

vendor: cisco // model: unity connection // scope: eq // version: 11.0\(0.98000.332\)

Trust: 1.6

vendor: cisco // model: unity connection // scope: eq // version: 11.0(0.98000.332)

Trust: 1.1

vendor: cisco // model: unity connection // scope: eq // version: 11.0(0.98000.225)

Trust: 1.1

sources: BID: 74471 // JVNDB: JVNDB-2015-002542 // CNNVD: CNNVD-201505-030 // NVD: CVE-2015-0716

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0716
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0716
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201505-030
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78662
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0716
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78662
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78662 // JVNDB: JVNDB-2015-002542 // CNNVD: CNNVD-201505-030 // NVD: CVE-2015-0716

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-78662 // JVNDB: JVNDB-2015-002542 // NVD: CVE-2015-0716

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-030

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201505-030

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002542

PATCH

title: 38675 // url: http://tools.cisco.com/security/center/viewAlert.x?alertId=38675

Trust: 0.8

sources: JVNDB: JVNDB-2015-002542

EXTERNAL IDS

db: NVD // id: CVE-2015-0716

Trust: 2.8

db: SECTRACK // id: 1032259

Trust: 1.1

db: JVNDB // id: JVNDB-2015-002542

Trust: 0.8

db: CNNVD // id: CNNVD-201505-030

Trust: 0.7

db: SECUNIA // id: 64399

Trust: 0.6

db: BID // id: 74471

Trust: 0.4

db: VULHUB // id: VHN-78662

Trust: 0.1

sources: VULHUB: VHN-78662 // BID: 74471 // JVNDB: JVNDB-2015-002542 // CNNVD: CNNVD-201505-030 // NVD: CVE-2015-0716

REFERENCES

url:http://tools.cisco.com/security/center/viewalert.x?alertid=38675

Trust: 2.0

url:http://www.securitytracker.com/id/1032259

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0716

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0716

Trust: 0.8

url:http://secunia.com/advisories/64399

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

url:http://www.cisco.com/en/us/products/ps6509/index.html

Trust: 0.3

sources: VULHUB: VHN-78662 // BID: 74471 // JVNDB: JVNDB-2015-002542 // CNNVD: CNNVD-201505-030 // NVD: CVE-2015-0716

CREDITS

Cisco

Trust: 0.3

sources: BID: 74471

SOURCES

db: VULHUB // id: VHN-78662
db: BID // id: 74471
db: JVNDB // id: JVNDB-2015-002542
db: CNNVD // id: CNNVD-201505-030
db: NVD // id: CVE-2015-0716

LAST UPDATE DATE

2024-11-23T22:45:57.696000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-78662 // date: 2015-09-10T00:00:00
db: BID // id: 74471 // date: 2015-05-05T00:00:00
db: JVNDB // id: JVNDB-2015-002542 // date: 2015-05-08T00:00:00
db: CNNVD // id: CNNVD-201505-030 // date: 2015-05-07T00:00:00
db: NVD // id: CVE-2015-0716 // date: 2024-11-21T02:23:35.520

SOURCES RELEASE DATE

db: VULHUB // id: VHN-78662 // date: 2015-05-07T00:00:00
db: BID // id: 74471 // date: 2015-05-05T00:00:00
db: JVNDB // id: JVNDB-2015-002542 // date: 2015-05-08T00:00:00
db: CNNVD // id: CNNVD-201505-030 // date: 2015-05-07T00:00:00
db: NVD // id: CVE-2015-0716 // date: 2015-05-07T01:59:04.420